1 research outputs found
SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps
Mobile apps provide various critical services, such as banking,
communication, and healthcare. To this end, they have access to our personal
information and have the ability to perform actions on our behalf. Hence,
securing mobile apps is crucial to ensuring the privacy and safety of its
users.
Recent research efforts have focused on developing solutions to secure mobile
ecosystems (i.e., app platforms, apps, and app stores), specifically in the
context of detecting vulnerabilities in Android apps. Despite this attention,
known vulnerabilities are often found in mobile apps, which can be exploited by
malicious apps to harm the user. Further, fixing vulnerabilities after
developing an app has downsides in terms of time, resources, user
inconvenience, and information loss.
In an attempt to address this concern, we have developed SeMA, a mobile app
development methodology that builds on existing mobile app design artifacts
such as storyboards. With SeMA, security is a first-class citizen in an app's
design -- app designers and developers can collaborate to specify and reason
about the security properties of an app at an abstract level without being
distracted by implementation level details. Our realization of SeMA using
Android Studio tooling demonstrates the methodology is complementary to
existing design and development practices. An evaluation of the effectiveness
of SeMA shows the methodology can detect and help prevent 49 vulnerabilities
known to occur in Android apps. Further, a usability study of the methodology
involving ten real-world developers shows the methodology is likely to reduce
the development time and help developers uncover and prevent known
vulnerabilities while designing apps.Comment: Updates based on reviews MobileSoft, FSE, and Onward reviews. Added
content about usability evaluation. Added formal syntax and semantics of the
DSL and info flow analysi